Privacy and Data Protection

Womble Carlyle's "Privacy Bulletin" highlights select developments that might be of interest to entities that collect or use personally identifiable information. Protecting a person's privacy is a challenge to businesses, universities, and all other entities that collect personal information, particularly given the proliferation of personally identifiable information contained within consumer and employee records. Womble Carlyle issues its Privacy Bulletin twice a month.

Thursday, July 6, 2017, 4:09 PM

We all get
them. Repeated marketing calls to our mobile and home phones with the
incoming phone number altered to make it appear that it’s a local call, when in
fact, the call is from a robo-scammer using IP technology to “spoof” the phone
number. As it turns out, there’s a federal law that makes such spoofing
illegal, the Truth in Caller ID Act of 2009
(“TICIDA”), and in its first enforcement action under TICIDA, the FCC hit an
alleged serial robocaller, Adrian Abramovich and his companies (together,
Abramovich) with a whopping $120 million Notice of Apparent Liability for
allegedly originating nearly 100 million such calls.

The Commission also issued a Citation and Order
to Abramovich for alleged violations of the Telephone Consumer Protection Act
(“TCPA”) for making unauthorized prerecorded telemarketing calls to emergency
phone lines, wireless phones and residential phones without obtaining the
required prior express written consent from the called party. While
TICIDA allows the Commission to directly fine first-time violators through its
NAL authority, which it did here, in TCPA FCC enforcement actions involving
entities and individuals that do not hold Commission authorizations, the
Commission must first issue a citation, and then can only proceed with a fine
if the recipient repeats the violation. That still leaves Abramovich open
to potentially monumental TCPA class action exposure. The Citation
and Order also notified Abromovich that he had violated the federal wire fraud
statute by transmitting or causing to be transmitted, by means of wire,
misleading or false statements with the intent to perpetrate a fraud.

According to the Commission, Abramovich ran a scheme where his
spoofed calls appeared to originate from local numbers and offered, via a
pre-recorded message, holiday vacations and cruises claiming to be associated
with well-known American travel and hospitality companies. The
pre-recorded messages would prompt customers to “press 1” to secure their
reservation. Once a customer pressed “1”, the customer was transferred to
a call center where live operators pushed vacation packages typically involving
timeshare presentations, that were not affiliated with the well-known brands
used in the recorded messages. The Commission characterized Abramovich’s
schemes as “one of the largest – and most dangerous – illegal robocalling
campaigns the Commission has ever investigated.” According to the
Commission, in addition to defrauding consumers, the robocalling campaign also
caused disruptions to an emergency medical paging service, which provides
paging services for emergency room doctors, nurses, emergency medical
technicians, and other first responders.

While significant in absolute terms, the $120 million proposed
fine, according to the Commission, was significantly below the penalty that
could have been proposed in the NAL. Rather than fine the statutory
maximum of $11,052 for each spoofing violation, or three times that amount for
each day of a continuing violation, the Commission calculated the base
forfeiture amount at $1,000 per unlawful spoofed call, since this was the first
time the Commission used its TICIDA forfeiture authority.

Mr. Abromovitz now has an opportunity to respond to both the NAL
and Citation. Stopping illegal robocalling has been a key priority for
Chairman Pai, and no doubt the Commission is expecting that the threat of huge
monetary forfeiture penalties against the industry will provide a powerful
incentive for roboscammers to look for other ways to make a buck. Given
the Commission’s struggle with fashioning tools to go after serial robocallers
that do not have the effect of increasing TCPA exposure for established
companies engaging in legitimate customer communications, we do not expect the
Commission to back down from its proposed penalty, and expect this to be the
start of a new enforcement initiative using TICIDA and its direct penalty
provisions.